Data Processing Agreement (DPA)
Last updated: May 2026
Note on Status: Since StatelessLaw is not yet in production and no customer document corpora or live customer data are being processed through the GraphRAG or ZeroTrace engines, this DPA serves as a framework outlining our data processing principles for early-stage or pilot partners.
1. Scope and Roles
This DPA applies if and when a pilot user or early-access organization ("Customer", acting as Data Controller) uploads data into a pre-production/beta environment of StatelessLaw, and Stateless Logic Global Oy processes that data on behalf of the Customer (acting as Data Processor).
2. Processing Principles
We agree to process any testing data solely based on the Customer's documented instructions and for the purposes of evaluating, developing, and testing the StatelessLaw platform.
3. Data Security and Location
EU-Only Processing: All processing, storage, and AI model execution happen within the EU.
ZeroTrace Architecture: For sensitive test matters utilizing the ZeroTrace mode, data is processed exclusively in isolated RAM. No content data is written to disk, logged identifiably, or used for model training. The process is destroyed upon session termination.
4. Confidentiality
We ensure that personnel authorized to handle any customer testing data have committed themselves to confidentiality agreements.